A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
References
Link | Resource |
---|---|
https://logback.qos.ch/news.html#1.3.12 | Release Notes |
Configurations
Configuration 1 (hide)
|
History
05 Dec 2023, 21:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:* |
05 Dec 2023, 15:45
Type | Values Removed | Values Added |
---|---|---|
References | () https://logback.qos.ch/news.html#1.3.12 - Release Notes | |
CWE | CWE-502 | |
CPE | cpe:2.3:a:qos:logback:1.4.11:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
29 Nov 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-29 12:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-6378
Mitre link : CVE-2023-6378
CVE.ORG link : CVE-2023-6378
JSON object : View
Products Affected
qos
- logback
CWE
CWE-502
Deserialization of Untrusted Data